[Zope-dev] How (in)secure is Zope?

[Adrian van den Dries]

On March 13, Christian Tismer wrote:
> please excuse my ignorance, but I am asked
> from time to time how secure or insecure
> Zope actually is, and I always have to say
> that I actually don't know.

How secure is your wallet?

You will never answer this until you define what you mean by
"security", and what you are securing *against*.

Zope is perfectly secure or some uses, and perfectly insecure for
others.

For example, for safe delegation of responsibility within a web
application, in a trusted environment, Zope is "secure".

However, as a mission-critical service exposed to the internet, it is
wide-open.

a.

-- 
 Adrian van den Dries                           adriand@flow.com.au
 Development team                               www.dev.flow.com.au
 FLOW Communications Pty. Ltd.                  www.flow.com.au